Documentation
Integrate Deft into your security workflow. Scan domains, detect vulnerabilities, and retrieve results programmatically.
Quick Start
Get scanning in under a minute. All you need is an API key and a target domain.
1. Trigger a scan
curl -X POST https://deft.is/api/v1/scans \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}'
Response
{
  "id": "d4f7a1b2-3c4e-5f6a-7b8c-9d0e1f2a3b4c",
  "domain": "example.com",
  "status": "running",
  "scan_type": "quick",
  "created_at": "2026-02-08T12:00:00Z"
}
2. Get scan results
curl https://deft.is/api/v1/scans/d4f7a1b2-3c4e-5f6a-7b8c-9d0e1f2a3b4c/results \
  -H "Authorization: Bearer YOUR_API_KEY"
Response
{
  "id": "d4f7a1b2-3c4e-5f6a-7b8c-9d0e1f2a3b4c",
  "domain": "example.com",
  "status": "completed",
  "created_at": "2026-02-08T12:00:00Z",
  "completed_at": "2026-02-08T12:02:30Z",
  "results": {
    "open_ports": [22, 80, 443, 3306],
    "services": [
      {"port": 22, "service": "ssh", "version": "OpenSSH 8.9"},
      {"port": 80, "service": "http", "version": "nginx/1.24.0"},
      {"port": 443, "service": "https", "version": "nginx/1.24.0"},
      {"port": 3306, "service": "mysql", "version": "MySQL 8.0.35"}
    ],
    "subdomains": ["api.example.com", "staging.example.com", "mail.example.com"],
    "vulnerabilities": [
      {
        "id": "CVE-2024-1234",
        "severity": "high",
        "cvss": 8.1,
        "service": "nginx/1.24.0",
        "description": "HTTP/2 rapid reset vulnerability"
      }
    ],
    "score": 72,
    "email_security": { ... },
    "security_headers": { ... },
    "summary": "AI-generated security assessment..."
  }
}
API access available on Enterprise plans. Talk to sales to get your API key.
Authentication
All API requests require a Bearer token in the Authorization header. Tokens are scoped to your organization and can be managed from the dashboard.
curl https://deft.is/api/v1/scans \
  -H "Authorization: Bearer YOUR_API_KEY"
Scan quotas
API access requires an Enterprise plan. Free plans cannot access the API.
| Plan | Scan quota |
|---|---|
| Free | 10 / day |
| Enterprise | Unlimited |
Create Scan
Initiate a new scan against a target domain. The scan runs asynchronously — poll the results endpoint or configure a webhook in your dashboard to be notified on completion.
Request body
| Parameter | Type | Required | Description |
|---|---|---|---|
| domain | string | yes | Target domain to scan (e.g. example.com) |
| scan_type | string | no | "quick" (ports + services) or "full" (includes CVE detection). Default: "quick" |
curl -X POST https://deft.is/api/v1/scans \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "example.com",
    "scan_type": "full"
  }'
Get Results
Retrieve the results of a completed scan. Returns open ports, discovered services, subdomains, vulnerabilities, and a composite security score.
Response fields
| Field | Type | Description |
|---|---|---|
| status | string | "pending", "running", "completed", or "failed" |
| results.open_ports | number[] | List of open port numbers |
| results.services | object[] | Service details per port (port, service, version) |
| results.subdomains | string[] | Discovered subdomains |
| results.vulnerabilities | object[] | CVEs with severity, CVSS, and description |
| results.score | number | Composite security score (0-100) |
| results.email_security | object | Email security analysis (SPF, DKIM, DMARC) |
| results.security_headers | object | HTTP security headers assessment |
| results.summary | string | AI-generated security assessment summary |
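A sketch of how these fields can drive a pipeline gate, added here as an example and not part of Deft's own code. The policy values (allowed ports, subdomain inventory, CVSS cut-off) are hypothetical, and the sample document is constructed from the response shown in the Quick Start.

```python
# Hypothetical policy for this example; tune to your own environment.
POLICY = {
    "allowed_ports": {80, 443},
    "known_subdomains": {"api.example.com", "mail.example.com"},
    "fail_at_cvss": 7.0,
}


class ScanNotReady(Exception):
    """Scan is still 'pending' or 'running'; poll again later."""


def evaluate(scan: dict, policy: dict = POLICY) -> list:
    """Return policy violations for a results document; empty means pass."""
    status = scan.get("status")
    if status in ("pending", "running"):
        raise ScanNotReady(status)
    if status != "completed":
        # Fail closed: a failed or unrecognised status must not pass the gate.
        return [f"scan status is {status!r}, no results to evaluate"]
    results = scan.get("results") or {}
    by_port = {s["port"]: s for s in results.get("services", [])}
    violations = []
    for port in sorted(set(results.get("open_ports", [])) - policy["allowed_ports"]):
        svc = by_port.get(port, {}).get("service", "unknown")
        violations.append(f"unexpected open port {port} ({svc})")
    for sub in sorted(set(results.get("subdomains", [])) - policy["known_subdomains"]):
        violations.append(f"subdomain not in inventory: {sub}")
    for vuln in results.get("vulnerabilities", []):
        if vuln.get("cvss", 0) >= policy["fail_at_cvss"]:
            violations.append(f"{vuln['id']} cvss {vuln['cvss']} on {vuln.get('service')}")
    return violations


# Constructed sample, trimmed from the Quick Start response.
SAMPLE = {
    "status": "completed",
    "results": {
        "open_ports": [22, 80, 443, 3306],
        "services": [{"port": 22, "service": "ssh", "version": "OpenSSH 8.9"},
                     {"port": 3306, "service": "mysql", "version": "MySQL 8.0.35"}],
        "subdomains": ["api.example.com", "staging.example.com", "mail.example.com"],
        "vulnerabilities": [{"id": "CVE-2024-1234", "severity": "high",
                             "cvss": 8.1, "service": "nginx/1.24.0"}],
    },
}

if __name__ == "__main__":
    print("\n".join(evaluate(SAMPLE)) or "pass")
```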
curl https://deft.is/api/v1/scans/d4f7a1b2-3c4e-5f6a-7b8c-9d0e1f2a3b4c/results \
  -H "Authorization: Bearer YOUR_API_KEY"
Webhooks
Receive scan results automatically when a scan completes or fails. Configure webhook URLs in your dashboard under Settings > Webhooks. Deft sends a POST request to your configured URL with the full scan results payload.
Webhook payload
{
  "event": "scan.completed",
  "scan_id": "d4f7a1b2-3c4e-5f6a-7b8c-9d0e1f2a3b4c",
  "domain": "example.com",
  "timestamp": "2026-02-08T12:05:00Z",
  "results": {
    "open_ports": [22, 80, 443],
    "services": [...],
    "subdomains": [...],
    "vulnerabilities": [...],
    "score": 72
  }
}
Events
| Event | Description |
|---|---|
| scan.completed | Scan finished successfully with results |
| scan.failed | Scan encountered an error |
Verification
All webhook requests include an X-Deft-Signature header and an X-Deft-Event header. The signature is an HMAC-SHA256 hash of the request body, prefixed with sha256=. Verify this against your webhook secret to ensure authenticity.
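One way to perform this check on the receiving side, added here as an example and not Deft's own code. It assumes the signature is the lowercase hex HMAC-SHA256 of the raw request bytes (as the sample header value on this page suggests) and that the body carries the `event` field shown in the webhook payload; the secret and sample delivery are constructed placeholders.

```python
import hashlib
import hmac
import json

SIG_PREFIX = "sha256="
KNOWN_EVENTS = {"scan.completed", "scan.failed"}


class WebhookRejected(Exception):
    """Delivery failed authentication or consistency checks."""


def sign(secret: bytes, raw_body: bytes) -> str:
    # Assumption: hex-encoded digest over the exact bytes of the request body.
    return SIG_PREFIX + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, raw_body: bytes) -> dict:
    """Authenticate a delivery and return its decoded payload."""
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    received = h.get("x-deft-signature", "").strip().lower()
    if not received.startswith(SIG_PREFIX):
        raise WebhookRejected("missing or malformed X-Deft-Signature")
    # Constant-time comparison so the check does not leak how many
    # leading characters of a forged signature were correct.
    if not hmac.compare_digest(sign(secret, raw_body).encode(), received.encode()):
        raise WebhookRejected("signature mismatch")
    # Parse only after the MAC verifies; never re-serialise before hashing.
    payload = json.loads(raw_body)
    # X-Deft-Event is not covered by the MAC, so trust the signed body
    # and reject deliveries where the header disagrees with it.
    event = payload.get("event")
    if event not in KNOWN_EVENTS or h.get("x-deft-event") != event:
        raise WebhookRejected("event header does not match signed body")
    return payload


# Constructed sample delivery; the secret is a placeholder.
SAMPLE_SECRET = b"example-webhook-secret"
SAMPLE_BODY = (b'{"event": "scan.completed", "domain": "example.com", '
               b'"results": {"open_ports": [22, 80, 443], "score": 72}}')
SAMPLE_HEADERS = {"X-Deft-Signature": sign(SAMPLE_SECRET, SAMPLE_BODY),
                  "X-Deft-Event": "scan.completed"}

if __name__ == "__main__":
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY)["results"])
```

Pass the handler the body bytes exactly as received; a framework that decodes and re-encodes the JSON first can change whitespace or key order and break the comparison.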
# Example header value
X-Deft-Signature: sha256=a1b2c3d4e5f6...
X-Deft-Event: scan.completed
Service Discovery
TCP SYN scanning across the top 1,000 ports captures ~93% of services in enterprise environments. Each open port undergoes service fingerprinting to identify applications, versions, and protocols.
Attack Surface Mapping
Multi-source subdomain enumeration combining Certificate Transparency logs, passive DNS databases, and DNS zone analysis. Every discovered subdomain undergoes the same scanning pipeline as the primary domain.
Vulnerability Detection
Correlates discovered services against the NIST NVD and supplementary threat intelligence feeds. Findings are scored with CVSS v3.1 and enriched with exploit availability data.
Security Assessment
Composite security scoring that aggregates vulnerability density, service exposure, asset sprawl, and configuration hygiene. Reports include executive summary, technical findings, remediation guidance, and compliance mapping.
© 2026 Deft Technologies